Skip to content

Instantly share code, notes, and snippets.

@directhex
Created March 6, 2015 15:33
Show Gist options
  • Save directhex/728af6f96d1b8c976659 to your computer and use it in GitHub Desktop.
Save directhex/728af6f96d1b8c976659 to your computer and use it in GitHub Desktop.
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs 2009-09-25 15:59:06.000000000 +0100
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs 2015-03-06 15:27:39.106561719 +0000
@@ -60,14 +60,14 @@
scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);
// Supported exportable ciphers
- scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
- scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
- scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
- scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
- scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+ // scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+ // scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
// 56 bits but we use 64 bits because of parity (DES is really 56 bits)
- scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
- scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+ // scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
// Default CipherSuite
// scs.Add(0, "TLS_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
@@ -138,14 +138,14 @@
scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);
// Supported exportable ciphers
- scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
- scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
- scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
- scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
- scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+ // scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+ // scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
// 56 bits but we use 64 bits because of parity (DES is really 56 bits)
- scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
- scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+ // scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
+ // scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
// Default CipherSuite
// scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs 2015-03-06 15:27:19.890562158 +0000
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs 2015-03-06 15:27:39.106561719 +0000
@@ -160,13 +160,6 @@
return new TlsServerCertificate(this.context, buffer);
// Optional
- case HandshakeType.ServerKeyExchange:
- // only for RSA_EXPORT
- if (last == HandshakeType.Certificate && context.Current.Cipher.IsExportable)
- return new TlsServerKeyExchange(this.context, buffer);
- break;
-
- // Optional
case HandshakeType.CertificateRequest:
if (last == HandshakeType.ServerKeyExchange || last == HandshakeType.Certificate)
return new TlsServerCertificateRequest(this.context, buffer);
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs 2009-09-25 15:59:06.000000000 +0100
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs 2015-03-06 15:27:39.106561719 +0000
@@ -190,59 +190,15 @@
this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
- if (!this.IsExportable)
+ if (this.IvSize != 0)
{
- if (this.IvSize != 0)
- {
- this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
- this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
- }
- else
- {
- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
- }
+ this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
+ this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
}
else
{
- HashAlgorithm md5 = MD5.Create();
-
- int keySize = (md5.HashSize >> 3); //in bytes not bits
- byte[] temp = new byte [keySize];
-
- // Generate final write keys
- md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, temp, 0);
- md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
- byte[] finalClientWriteKey = new byte[this.ExpandedKeyMaterialSize];
- Buffer.BlockCopy(md5.Hash, 0, finalClientWriteKey, 0, this.ExpandedKeyMaterialSize);
-
- md5.Initialize();
- md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, temp, 0);
- md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
- byte[] finalServerWriteKey = new byte[this.ExpandedKeyMaterialSize];
- Buffer.BlockCopy(md5.Hash, 0, finalServerWriteKey, 0, this.ExpandedKeyMaterialSize);
-
- this.Context.ClientWriteKey = finalClientWriteKey;
- this.Context.ServerWriteKey = finalServerWriteKey;
-
- // Generate IV keys
- if (this.IvSize > 0)
- {
- md5.Initialize();
- temp = md5.ComputeHash(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
- this.Context.ClientWriteIV = new byte[this.IvSize];
- Buffer.BlockCopy(temp, 0, this.Context.ClientWriteIV, 0, this.IvSize);
-
- md5.Initialize();
- temp = md5.ComputeHash(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
- this.Context.ServerWriteIV = new byte[this.IvSize];
- Buffer.BlockCopy(temp, 0, this.Context.ServerWriteIV, 0, this.IvSize);
- }
- else
- {
- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
- }
+ this.Context.ClientWriteIV = CipherSuite.EmptyArray;
+ this.Context.ServerWriteIV = CipherSuite.EmptyArray;
}
DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray());
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs 2010-03-11 06:13:16.000000000 +0000
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs 2015-03-06 15:31:14.758556786 +0000
@@ -230,19 +230,11 @@
// Send ServerCertificate message
this.protocol.SendRecord(HandshakeType.Certificate);
- // If the negotiated cipher is a KeyEx cipher send ServerKeyExchange
- if (this.context.Negotiating.Cipher.IsExportable)
- {
- this.protocol.SendRecord(HandshakeType.ServerKeyExchange);
- }
-
bool certRequested = false;
- // If the negotiated cipher is a KeyEx cipher or
- // the client certificate is required send the CertificateRequest message
- if (this.context.Negotiating.Cipher.IsExportable ||
- ((ServerContext)this.context).ClientCertificateRequired ||
- ((ServerContext)this.context).RequestClientCertificate)
+ // If the client certificate is required send the CertificateRequest message
+ if (((ServerContext)this.context).ClientCertificateRequired ||
+ ((ServerContext)this.context).RequestClientCertificate)
{
this.protocol.SendRecord(HandshakeType.CertificateRequest);
certRequested = true;
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs 2009-09-25 15:59:06.000000000 +0100
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs 2015-03-06 15:27:39.106561719 +0000
@@ -118,45 +118,15 @@
this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
- if (!this.IsExportable)
+ if (this.IvSize != 0)
{
- if (this.IvSize != 0)
- {
- this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
- this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
- }
- else
- {
- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
- }
+ this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
+ this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
}
else
{
- // Generate final write keys
- byte[] finalClientWriteKey = PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
- byte[] finalServerWriteKey = PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
-
- this.Context.ClientWriteKey = finalClientWriteKey;
- this.Context.ServerWriteKey = finalServerWriteKey;
-
- if (this.IvSize > 0)
- {
- // Generate IV block
- byte[] ivBlock = PRF(CipherSuite.EmptyArray, "IV block", this.Context.RandomCS, this.IvSize*2);
-
- // Generate IV keys
- this.Context.ClientWriteIV = new byte[this.IvSize];
- Buffer.BlockCopy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length);
-
- this.Context.ServerWriteIV = new byte[this.IvSize];
- Buffer.BlockCopy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length);
- }
- else
- {
- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
- }
+ this.Context.ClientWriteIV = CipherSuite.EmptyArray;
+ this.Context.ServerWriteIV = CipherSuite.EmptyArray;
}
DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray());
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment